From patchwork Mon Apr 12 15:05:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 419561 Delivered-To: patch@linaro.org Received: by 2002:a17:906:6d12:0:0:0:0 with SMTP id m18csp1702756ejr; Mon, 12 Apr 2021 08:06:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxCagrQMeCpGnZ30pcqosOo4L8MOAViRknY2LTAJE3WII9fUlajGuQaX76yX532WbymBMyz X-Received: by 2002:a17:907:e9e:: with SMTP id ho30mr28158892ejc.300.1618239998755; Mon, 12 Apr 2021 08:06:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618239998; cv=none; d=google.com; s=arc-20160816; b=VVK5a2RCB3xtp3IO3ALjdQZJLL9wXIdPicrMib2vk7e42Tv6Y1OZeJzYsDCHxFxG5L Zbh2evgeP0hSPTcKsFK/9BbCmrVArYikIEkkgUwjjhwA3Qh7PR49a7qhvyxZmA/gZjgY ocefvgSwqLnUqdVbqlzVHGkKsUAol9fXeaathzsKCrm4OvOdPg9DJVjp89CXI7kIE8LO eAycDfMI34SPUh7b/PK0asTGUnwjhOEw1uE4O7rBLNtJnUy+2dIP0dJp/Hze32AHr8fo vLuD6YaVC/1ZED75hHiYDNPh69xTyNRDrHSLfqvofE4n8shEOHkQGN/0agbwn+GpJztN 5F+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:cc:to:from; bh=hW/uFeyNX0PnSeG4RdrU7AddhTWldQWnFSF7S+yH5A0=; b=HjnHONh+wIaspooojdJ+eMZ0qP1IJmKB9y0cZFvFNVGn9RqR9N1IdGaHzCfjWagF6v vz0FuWBUQ6DINuEgeyuw+KfRnw0/+3JQm6r7DnstNERumFdXHm/125b1yBxiFxA/8T0B u5kCYgC44JHHp632HO91P+TClXAdxn4M2d/1FSkyyUhJdETpsmF0cPnru9DJ4+NZWFSJ 0RjaVjIc0DFQvXoFRBfCxfJgX47Ndqhn5VXTnP6To+J0ruQ2rPcelIPtr7BkHeU5UsbX AlR63O2+5SfQSC2cxFyFbmILEcvHCOf4Jke4lab5tPBjG06jYqTYrWnIpCj5HhvMIFgM erNA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id v11si7710761eje.681.2021.04.12.08.06.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 Apr 2021 08:06:38 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id E67B2817C4; Mon, 12 Apr 2021 17:06:13 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 05A1281607; Mon, 12 Apr 2021 17:05:57 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id AA5D881743 for ; Mon, 12 Apr 2021 17:05:53 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8A058113E; Mon, 12 Apr 2021 08:05:52 -0700 (PDT) Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.16.44]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 727293F694; Mon, 12 Apr 2021 08:05:50 -0700 (PDT) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Alexander Graf , Simon Glass , Bin Meng , Pali Rohar , Sughosh Ganu Subject: [PATCH v2 1/4] efi_loader: capsule: Remove the check for capsule_authentication_enabled environment variable Date: Mon, 12 Apr 2021 20:35:23 +0530 Message-Id: <20210412150526.29822-2-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210412150526.29822-1-sughosh.ganu@linaro.org> References: <20210412150526.29822-1-sughosh.ganu@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.4 at phobos.denx.de X-Virus-Status: Clean The current capsule authentication code checks if the environment variable capsule_authentication_enabled is set, for authenticating the capsule. This is in addition to the check for the config symbol CONFIG_EFI_CAPSULE_AUTHENTICATE. Remove the check for the environment variable. The capsule will now be authenticated if the config symbol is set. Signed-off-by: Sughosh Ganu --- Changes since V1: * As pointed out by Heinrich in the review, remove the extra check of the env variable 'capsule_authentication_enabled'for authenticating the capsule. The capsule authentication will now be done based on whether the corresponding config symbol is enabled. board/emulation/common/qemu_capsule.c | 6 ------ lib/efi_loader/efi_firmware.c | 5 ++--- 2 files changed, 2 insertions(+), 9 deletions(-) -- 2.17.1 Reviewed-by: Heinrich Schuchardt diff --git a/board/emulation/common/qemu_capsule.c b/board/emulation/common/qemu_capsule.c index 5cb461d52b..6b8a87022a 100644 --- a/board/emulation/common/qemu_capsule.c +++ b/board/emulation/common/qemu_capsule.c @@ -41,9 +41,3 @@ int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len) return 0; } - -bool efi_capsule_auth_enabled(void) -{ - return env_get("capsule_authentication_enabled") != NULL ? - true : false; -} diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c index 7a3cca2793..a1b88dbfc2 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -190,7 +190,7 @@ static efi_status_t efi_get_dfu_info( IMAGE_ATTRIBUTE_IMAGE_UPDATABLE; /* Check if the capsule authentication is enabled */ - if (env_get("capsule_authentication_enabled")) + if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE)) image_info[0].attributes_setting |= IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED; @@ -421,8 +421,7 @@ efi_status_t EFIAPI efi_firmware_raw_set_image( return EFI_EXIT(EFI_INVALID_PARAMETER); /* Authenticate the capsule if authentication enabled */ - if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) && - env_get("capsule_authentication_enabled")) { + if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE)) { capsule_payload = NULL; capsule_payload_size = 0; status = efi_capsule_authenticate(image, image_size,